David Stutzman wrote:
> Hello again,
>
> First off, thanks for the help on the previous issue, Nelson.
>
> I'm playing around here just trying to do some simple things to ramp up my knowledge of NSS and C in general. I have read through as much of the docs that are on the mozilla.org site as seem applicable (http://www.mozilla.org/projects/security/pki/nss/#Documentation). I have the whole concept of the internal PKCS11 module down in my head and understand it's much better not to try to work with keys/certs in the raw from the filesystem.
>
> Basically at this point I'm a bit lost/confused as to what methods to use. I started with some simple PK11_Sign and PK11_Verify using an RSA private key gleaned using the PK11_FindKeyByAnyCert method and the public key grabbed from the certificate using CERT_ExtractPublicKey. The sign appears OK, but the verify segfaults. I looked into SEC_SignData, which appears to be a little more flexible and lets you specify an algorithm (which I will need to do), but couldn't find a method that appeared to be the corresponding verify.

SEC_SignData() is the function you want to use to sign straight data. It handles all the translation between standard signatures and what PKCS #11 expects. It will also handle the differences between different signing algorithms (RSA or DSA).

The companion is VFY_VerifyData().

> I also looked into the P7* methods but while looking through the newsgroups I found a message from Nelson saying the P7* methods are deprecated and to use the NSS_CMS methods. (http://groups.google.com/group/netscape.public.mozilla.crypto/browse_thread/thread/cee36c26a8da63e8/5506dd92390196f0?rnum=2#5506dd92390196f0)

NSS_CMS will produce an IETF CMS value. This is good for encapsulating signatures and their data. The code is geared mainly for S/MIME, though it's useful in other applications. If you don't already have a good transport for your signature and data, it's a good choice. Unfortunately the interface is a streaming interface. Adding a data wrapper interface to the code would probably be a useful addition.
bob
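
As an added illustration of the kind of translation the reply mentions (this is not NSS code and not part of the original message): a PKCS #11 DSA signature is the raw fixed-width concatenation r || s, while the standard form carried in certificates and CMS is a DER SEQUENCE of two INTEGERs. The function name `dsa_raw_to_der` and the sample bytes are hypothetical and constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Encode one fixed-width big-endian unsigned value as a DER INTEGER.
 * Returns the number of bytes written, or 0 if it does not fit. */
static size_t der_put_uint(const unsigned char *v, size_t n,
                           unsigned char *out, size_t cap)
{
    while (n > 1 && v[0] == 0x00) { v++; n--; }  /* DER wants minimal length */
    size_t pad = (v[0] & 0x80) ? 1 : 0;          /* 0x00 keeps it non-negative */
    if (n + pad > 127 || 2 + pad + n > cap) return 0;
    out[0] = 0x02;                                /* INTEGER tag */
    out[1] = (unsigned char)(n + pad);
    if (pad) out[2] = 0x00;
    memcpy(out + 2 + pad, v, n);
    return 2 + pad + n;
}

/* raw = r || s in equal-width halves (the raw PKCS #11 form).
 * Returns the DER length, or 0 on bad input or insufficient space. */
size_t dsa_raw_to_der(const unsigned char *raw, size_t raw_len,
                      unsigned char *out, size_t cap)
{
    unsigned char body[128];
    if (raw_len == 0 || raw_len % 2 != 0) return 0;
    size_t half = raw_len / 2;
    size_t rl = der_put_uint(raw, half, body, sizeof body);
    if (rl == 0) return 0;
    size_t sl = der_put_uint(raw + half, half, body + rl, sizeof body - rl);
    if (sl == 0) return 0;
    size_t total = rl + sl;
    if (total > 127 || 2 + total > cap) return 0; /* short-form length only */
    out[0] = 0x30;                                 /* SEQUENCE tag */
    out[1] = (unsigned char)total;
    memcpy(out + 2, body, total);
    return 2 + total;
}

int main(void)
{
    /* Constructed sample: r has its high bit set, s has leading zeros. */
    unsigned char raw[40], der[64];
    memset(raw, 0x11, 20);      raw[0] = 0x80;
    memset(raw + 20, 0x22, 20); raw[20] = 0x00; raw[21] = 0x00;
    size_t n = dsa_raw_to_der(raw, sizeof raw, der, sizeof der);
    for (size_t i = 0; i < n; i++) printf("%02x", der[i]);
    printf("\n");
    return n ? 0 : 1;
}
```

A verifier that expects the DER form will reject the raw 40-byte value and vice versa, which is one reason mixing the low-level PK11_* calls with the higher-level signing functions needs care.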

